package cn.school;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Date;
import java.util.Scanner;

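public class StudentQuery {
	/** Loads the MySQL JDBC driver once, before {@link #main} runs; a missing driver is reported, not fatal. */
	static {
		try {
			Class.forName("com.mysql.jdbc.Driver");
		} catch (ClassNotFoundException e) {
			System.out.println("驱动没有找到!");
			e.printStackTrace();
		}
	}

	/**
	 * Reads a student number and password from stdin and prints the matching
	 * student's name and enrolment date, or an error line when no row matches.
	 *
	 * <p>The lookup is done with a {@link PreparedStatement}: the student number
	 * and password are bound as parameters, so user input is never parsed as SQL.
	 * Stripping quote characters from the input (the approach that was commented
	 * out here) is not a substitute for binding — it only removes one of several
	 * ways to break out of a string literal.
	 *
	 * @param args ignored
	 */
	public static void main(String[] args) {
		System.out.println("学生登录之后查看成绩:");
		Scanner in = new Scanner(System.in);
		System.out.println("请分别输入学号和密码:");
		long stuno = in.nextLong();
		in.nextLine(); // drop the rest of the line after nextLong() so nextLine() reads the password
		String pass = in.nextLine();

		// NOTE(review): useSSL=false sends the DB credentials and the query in the
		// clear; fine for a localhost demo, not for any shared network.
		String url = "jdbc:mysql://localhost:3306/java67?useUnicode=true&characterEncoding=UTF8&useServerPrepStmts=true&prepStmtCacheSqlLimit=256&cachePrepStmts=true&prepStmtCacheSize=256&rewriteBatchedStatements=true&useSSL=false";
		// Placeholders instead of concatenation; the driver sends the values separately.
		String sql = "select * from s_student where stuno=? and pass=?";

		// NOTE(review): hard-coded DB credentials and a plaintext password column
		// are demo-only; a real system loads credentials from configuration and
		// stores a password hash (bcrypt/scrypt/argon2) rather than comparing pass=?.
		// Resources close in reverse order (statement, then connection) on every exit path.
		try (Connection con = DriverManager.getConnection(url, "zhaoyang", "zhaoyang");
				PreparedStatement stmt = con.prepareStatement(sql)) {
			stmt.setLong(1, stuno);
			stmt.setString(2, pass);
			// Echo only the template: the bound password must not appear on stdout.
			System.out.println(sql);
			try (ResultSet rs = stmt.executeQuery()) {
				if (rs.next()) {
					System.out.println("输入正确!");
					System.out.println(rs.getString("sname"));
					Date date = rs.getDate("enterdate");
					System.out.println("入学时间是:" + date);
				} else {
					System.out.println("错误的学号或者密码!");
				}
			}
		} catch (SQLException e) {
			// Connection, bind or query failure; the demo reports it and exits.
			e.printStackTrace();
		}
	}

}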
